KarjaSoft Sami FTP Server Multiple Buffer Overflow Vulnerabilities

Bugtraq ID:	22045
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 15 2007 12:00AM
Updated:	Mar 16 2007 08:24PM
Credit:	These vulnerabilities were discovered by rewterz and Muhammad Ahmed Siddiqui.
Vulnerable:	KarjaSoft Sami FTP Server 2.0.2
Not Vulnerable:

KarjaSoft Sami FTP Server Multiple Buffer Overflow Vulnerabilities

Sami FTP Server is prone to multiple stack-overflow vulnerabilities.

A successful exploit may lead to remote arbitrary code execution with the privileges of the server, facilitating remote compromise of affected computers.

Sami FTP Server version 2.0.2 is vulnerable to these issues; other versions may also be affected.

KarjaSoft Sami FTP Server Multiple Buffer Overflow Vulnerabilities

The following exploit code is available exclusively for Immunity Partners:

https://www.immunityinc.com/downloads/immpartners/samiftp.tar

The following exploits are also available:

• /data/vulnerabilities/exploits/samiftp_poc.c
• /data/vulnerabilities/exploits/22045.pl

KarjaSoft Sami FTP Server Multiple Buffer Overflow Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

KarjaSoft Sami FTP Server Multiple Buffer Overflow Vulnerabilities

References:

• Sami FTP Server Homepage (KarjaSoft)